Cyber Security Analyst - Bicester | South Central Ambulance Service NHS Foundation Trust
| Posting date: | 08 June 2026 |
|---|---|
| Salary: | Not specified |
| Additional salary information: | £49,387 - £56,515 pa pro rata per annum |
| Hours: | Part time |
| Closing date: | 08 July 2026 |
| Location: | Bicester, OX26 6HR |
| Company: | South Central Ambulance Service NHS Foundation Trust |
| Job type: | Permanent |
| Job reference: | 8064423/195-26-351-TAM |
Summary
Band 7 Cyber Security Analyst (SOC & SIEM Lead)
Join us and help define what great looks like
We are looking for an experienced Cyber Security Analyst to take a leading role in developing and running our Security Operations (SOC) and SIEM capability.
This role is ideal for someone who brings experience ofwell-established cyber operationsand can apply that knowledge tostrengthen and evolve our detection and response capabilityin a complex NHS environment, where patient safety and operational continuity are critical.
You will work with tools includingSophos Intercept X and Secureworks Taegis,while helping shape our future SOC model. Beyond tooling, you will play a key role in establishingeffective, sustainable ways of workingaligned to recognised good practice.
What you will do
· Lead the day-to-day operation and ongoing development of ourSOC and SIEM capability
· Own and continuously improvedetection use cases, alerting, triage, and response processes
· Act as atechnical lead for monitoring and detection, ensuring controls are effective, proportionate, and aligned to risk
· Investigate and respond tosecurity incidents, providing clear, risk-based analysis and recommendations
· Usethreat intelligence and operational insightto continually improve detection capability
· Providemeaningful reporting and assuranceon SOC performance and cyber posture
· Support the evolution of ourfuture SOC model, including partnership working where required
· Provideguidance and mentoring to colleagues, helping to build capability and embed effective SOC and incident response practices across the team.
Why this role matters
• You will play a key role instrengthening our cyber resilience
• You will havereal ownership and influenceover how SOC services are delivered
• Your work directly supportsfrontline ambulance services and patient care
• You will help build acapable, sustainable internal cyber function
Benefits we offer:
• Full training and support when you join and ongoing throughout your employment with us.
• Holiday entitlement is 27 days rising to 29 days after 5 years and 33 days after 10 years, plus 8 bank holidays (pro rata for part time).
• Enrolment into the NHS Pension Scheme.
• Access to continual professional development and opportunities within SCAS and the NHS.
• Occupational Health support along with an Employee Assistance Programme.
• NHS Discounts in over 200+ stores including Holidays, Days out, Car insurance, Restaurants and Clothing.
• Staff networking and support groups.
About Us
South Central Ambulance Service NHS Foundation Trust provides a range of emergency, urgent care and non-emergency healthcare services, along with commercial logistics services.
The Trust delivers most of these services to the populations of Berkshire, Buckinghamshire, Hampshire and Oxfordshire as well as non-emergency patient transport services in Sussex.
We serve a population of over 7 million and answer over 500,000 urgent calls a year. We employ 4,551 staff who, together with over 1,100 volunteers, enable us to operate 24 hours a day, seven days a week.
In SCAS, we know that colleagues who are cared for and valued are enabled to provide the right care, first time, every time. That is why we strive to foster a culture that balances fairness, compassion, learning and accountability; a ‘just and learning culture’.
You will bring:
• Experience working within awell-established SOC or cyber defence function
• Proven ability tolead or significantly shape SIEM/SOC operations
• A clear understanding ofeffective detection engineering and incident response practices
• Experience configuring, tuning, and optimisingSIEM and endpoint security tooling(e.g. Sophos, Secureworks, or equivalent)
• The ability totake ownership and drive improvements, not just operate existing processes
• Strong analytical and communication skills, with the ability to provideclear, actionable insight
• Experience supporting or mentoring others, with the ability toshare knowledge and raise overall team capability
Relevant certifications (e.g. CISSP, CISM, GIAC or equivalent) are desirable, butpractical experience and demonstrable impact are more important.
You’re likely a good fit if:
• You’ve worked in a SOC whereeffective processes and standards are already embedded
• You enjoy improving how things work, not just operating them
• You’re comfortable acting as atechnical lead and trusted point of reference
You take pride indeveloping others and promoting good practice.
Please see Job Description and Person Specification for full details.
This advert closes on Monday 22 Jun 2026
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.